Security researchers at Bkav now say they’ve managed to crack FaceID by using custom crafted face masks. However, instead of making photo realistic masks, the team instead focused on crafting masks to trick FaceID’s depth-mapping technology.
The hacker team say they didn’t utilise any tricks to make their system work. They trained the iPhone from a real person’s face, and only spent about $150 in supplies to create the mask (aside from what a basic 3D printer would cost). The team says it began working on the mask on November 5, meaning it took them about five days to end up with a false face capable of unlocking the iPhone X in one go.
Of course, even the research team understand just how much of an effort this is for a common thief to get access to your phone. Just like with faking someone’s fingerprint, it wouldn’t make sense to go through this on a regular basis for average everyday people’s iPhones. On the other hand, it’s a technique that intelligence agencies could easily employ, assuming they have the data needed to build a model of a person’s face.
More so, the project just attempts to show that using your face to log into a device is less about how secure it is and more about convenience. It’s not the watertight security Apple claimed it is sure, but it’s likely enough for you on a daily basis. However, if you plan on becoming a person of interest for the NSA, it’s probably best not to store anything incriminating on your iPhone X.